Welcome…

This blog is sponsored by Nexor and focuses on Cyber Security issues and market observations, but you will also find the occasional article about small businesses (SMEs) and the IT industry in general.

Featured Posts

  • The Cyber Essentials Experience - This month the UK Government Cyber Essentials Scheme was launched. Nexor committed to gaining Cyber Essentials certification, with Steve Kingan observing: “I welcome the advent of the Cyber Essentials Scheme and believe it is an important development in improving the supply chain to HMG. Nexor has demonstrated that the Scheme can be straightforward to […]
  • TrueCrypt – Don’t Panic – Think about 99% of users - Over recent days there has been a lot of discussion about TrueCrypt, and whether it is a viable security technology. Among the frenzy between security experts to figure out what is going on, the user community is left confused. It’s time to revisit some security basics… What’s going on with TrueCrypt? First there were announcements […]
  • Changing 40+ Passwords: Thanks Heartbleed - Following the Heartbleed revelations, the security advice from the great and good was to change all passwords. To support World Password Day, I changed over 40 of them – quite an interesting exercise. Alarmingly, it appears I am still vulnerable. To tell the story of why I am still vulnerable, this blog is split into three parts: […]
  • UK Government Security Classification Scheme - After nearly two years of planning, the new UK Government Security Classification system comes into operation this month. This will probably be accompanied by some articles from the doomsday brigade forecasting chaos and uncertainty; there are undoubtedly rough edges, but it’s important not to lose sight of the bigger cultural change at play… In […]
  • Cyber Insurance - Information Assurance or broader Cyber Security has traditionally been a discipline of identifying threats and vulnerabilities then deploying one of three general categories of countermeasure: technology, process or education. But in more recent times companies are adding a fourth element into the mix – Cyber Insurance. Insurance Background Disclaimer: I am not an insurance expert, take expert […]
  • A Brief Introduction into Threat Analysis - The purpose of this blog piece is to introduce the concept of threat analysis, what it is and why it’s a good idea, while at the same time presenting a simple and effective way to try it yourself. It is part of a blog series on the development approach at Nexor. It is now an […]
  • What is the difference between a Guard and a Gateway? - Guards and gateways are full application layer proxies that connect to two or more networks.  They accept data passed on an inbound network interface, ‘process it’, and then pass data to the outbound network interface.   The difference between the two is in the ‘process it’ step. Guards A Guard will inspect the application level data […]
  • Prehistory of LDAP - It all started in the basement of the Computer Science department of University College London in about 1988. I was working alongside Paul Sharpe, then of GEC, who was working on user agents on the Thorn project. At the time I was implementing DISH – a directory user agent for the Quipu X.500 directory. Paul showed […]

And Finally…

The issues that are blogged about most are:

  • Security awareness for non-technical home users
  • Trust and assurance of software and solutions
  • People, process and technology triangle
  • Secure Information Exchange

 
